Breach Brief – Government Payment Service Inc.
Government Payment Service Inc, doing business as GovPayNow.com has suffered a data breach reaching back to 2012. The service accepts online payments for over 2,300 local governments in 35 states. It handles payments for court-ordered fines, traffic tickets and licensing fees. KrebsonSecurity.com reported that more than 14 million customer records may have been compromised. Names, addresses, phone numbers and the last four digits of credit cards is among the compromised data.
Notified of the leak by KrebsOnSecurity.com, GovPayNow.com learned that records could be accessed by manipulating the digits in the web address displayed by each receipt. The payment site released a statement saying it had corrected a “potential issue,” adding while there was “no indication that any improperly accessed information was used to harm any customer” the company has updated its systems to prevent the situation from repeating itself.
According to GovPayNow.com the information is public record and can accessed by other methods.